What does the ICO’s new fining guidance mean for your organisation?
On 18 March 2024 the Information Commissioner's Office (ICO) published its updated data protection fining guidance, which sets out how it decides whether to issue a fine and how it calculates the amount, including where a security failure has left customers' or end users' personal data compromised. It is already well established that failing to keep personal data secure can result in costly fines, as multiple high-profile cases over the years have shown.
The biggest takeaway from this update is the weight now given to reporting to the National Cyber Security Centre (NCSC) when an attacker has gained access to your infrastructure, and to following its guidance. The length of time between a breach being identified and the NCSC being notified will be a key factor in determining the size of any fine, so quick action will make all the difference in limiting the damage. Engaging the NCSC does not replace your statutory duty to notify the ICO itself: under UK GDPR a reportable personal data breach must be notified to the ICO without undue delay and, where feasible, within 72 hours of becoming aware of it.
This further reinforces the importance of swift, decisive action in the event of any cyber security incident, and that it is critical to engage with trusted experts to ensure remediation and disaster recovery processes are appropriate and effective. Any delays mean more potential downtime, which means lost profits, a loss of hard-won customer confidence, and - in light of this recent news - the potential for an even more costly fine.
It is therefore essential that you take a proactive approach to remediation, establishing robust processes and systems that can be triggered straight away in the event of a breach to ensure business continuity is maintained. Here are some strategies to start with that will help you mitigate the risks:
1. Shortening the Attack Window
- Faster Patching: Applying updates quickly closes the vulnerabilities attackers exploit; every day a patch is delayed is a day in which an attacker can develop and launch an attack against it. Prioritise fixes for vulnerabilities known to be exploited and measure your time-to-patch so you can see the window shrinking.
- Proactive Threat Hunting: This assumes a compromise may already exist and actively searches your logs and telemetry for signs of it, rather than waiting for an alert. Early detection shortens attacker dwell time, allows faster containment and minimises damage.
2. Limiting Attack Surface
- Inventory and Control: Removing unnecessary hardware and software reduces the number of potential entry points for attackers, and you cannot patch or monitor an asset you do not know you have.
- Application Allowlisting with Signed Software Execution: Only authorised, signed applications are permitted to run, so an attacker who lands on a host cannot simply drop and launch their own tooling.
3. Strengthening Defences
- Multi-Factor Authentication: Requiring a second factor means a stolen or guessed password alone is not enough to gain access. Prefer phishing-resistant methods (hardware keys or passkeys) over SMS codes where you can.
- Hardware Security Features: Secure boot verifies the firmware and boot chain before the operating system loads, and a TPM can measure that chain and protect keys such as those used for disk encryption, so tampering is detected and keys are not exposed to an attacker who copies the disk.
- Network Segmentation: Isolating critical systems on their own network segments limits how far an attacker can move if they compromise one segment, and keeps the blast radius of a breach small.
4. Improving Recovery Capabilities
- Disaster Recovery Plan: Having a plan in place, and exercising it regularly so people know their roles before an incident, ensures a smoother and faster recovery after an attack, minimising downtime and financial losses.
- Backups: Regular backups allow you to restore
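As an added example (not code from the original post), here is a small threat-hunting pass of the kind described under strategy 1, run over a handful of constructed sshd log lines, together with an incident clock that turns the first evidence of compromise, the time you became aware of it and the time you notified into the figures the post says will matter. The hostname, IP addresses, timestamps and detection thresholds are assumptions; the 72-hour figure is the UK GDPR Article 33 deadline for notifying the ICO, which is separate from engaging the NCSC.

```python
"""Threat-hunting pass over sshd logs, plus an incident clock.

Added example, not code from the original post. The log lines are
constructed, the host and IP addresses are hypothetical, and the
thresholds (WINDOW, SPRAY_MIN_USERS, PRIOR_FAILURES) are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: one source tries five accounts in seconds and then gets
# in as "deploy"; a legitimate user (alice) logs in by key and mistypes once.
SAMPLE_LOG = """\
2024-03-18T08:00:01Z bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-18T08:00:03Z bastion sshd[1202]: Failed password for root from 203.0.113.7 port 51023 ssh2
2024-03-18T08:00:05Z bastion sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 51024 ssh2
2024-03-18T08:00:07Z bastion sshd[1204]: Failed password for deploy from 203.0.113.7 port 51025 ssh2
2024-03-18T08:00:09Z bastion sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 51026 ssh2
2024-03-18T08:00:12Z bastion sshd[1206]: Accepted password for deploy from 203.0.113.7 port 51027 ssh2
2024-03-18T09:15:00Z bastion sshd[1300]: Accepted publickey for alice from 198.51.100.20 port 40000 ssh2
2024-03-18T09:16:00Z bastion sshd[1301]: Failed password for alice from 198.51.100.20 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

WINDOW = timedelta(minutes=5)   # assumption: correlation window per source IP
SPRAY_MIN_USERS = 3             # assumption: distinct accounts failed in WINDOW
PRIOR_FAILURES = 3              # assumption: failures before an Accepted login

# Constructed timestamps for the incident clock: when the hunt found the
# compromise and when the organisation sent its notification.
DETECTED_AT = datetime(2024, 3, 19, 10, 0, tzinfo=timezone.utc)
NOTIFIED_AT = datetime(2024, 3, 19, 14, 30, tzinfo=timezone.utc)


def parse_events(log_text):
    """Turn raw lines into event dicts sorted by time; unmatched lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])


def hunt(events):
    """Two hunts per source IP: password spraying, and a success after failures."""
    findings = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        failures = [e for e in evs if e["result"] == "Failed"]
        # Spray: many distinct accounts failing from one source inside WINDOW.
        for anchor in failures:
            in_window = [f for f in failures if anchor["ts"] <= f["ts"] <= anchor["ts"] + WINDOW]
            users = sorted({f["user"] for f in in_window})
            if len(users) >= SPRAY_MIN_USERS:
                findings.append({"type": "password_spray", "src": src,
                                 "first_seen": anchor["ts"], "users": users})
                break  # one finding per source is enough for triage
        # Success after failures: the classic sign that guessing eventually worked.
        for e in evs:
            if e["result"] != "Accepted":
                continue
            prior = [f for f in failures if e["ts"] - WINDOW <= f["ts"] < e["ts"]]
            if len(prior) >= PRIOR_FAILURES:
                findings.append({"type": "success_after_failures", "src": src,
                                 "first_seen": prior[0]["ts"], "user": e["user"],
                                 "accepted_at": e["ts"]})
    return findings


def incident_clock(findings, detected_at, notified_at=None):
    """Dwell time, and the notification clock that starts when you become aware.

    72 hours is the UK GDPR Article 33 deadline for notifying the ICO; the
    elapsed hours to notification is the figure the post says will be weighed.
    """
    first_evidence = min(f["first_seen"] for f in findings)
    dwell = detected_at - first_evidence
    result = {
        "first_evidence": first_evidence,
        "dwell_hours": round(dwell.total_seconds() / 3600, 2),
        "ico_deadline": detected_at + timedelta(hours=72),
    }
    if notified_at is not None:
        result["hours_to_notify"] = round((notified_at - detected_at).total_seconds() / 3600, 2)
        result["within_72h"] = notified_at <= result["ico_deadline"]
    return result


if __name__ == "__main__":
    found = hunt(parse_events(SAMPLE_LOG))
    for f in found:
        print(f)
    print(incident_clock(found, DETECTED_AT, NOTIFIED_AT))
```

On the sample the hunt flags the spraying source and the later successful login for "deploy" from the same address, while alice's single mistyped password stays quiet; the clock then reports roughly 26 hours of dwell before detection and 4.5 hours from detection to notification, well inside the 72-hour ICO window. Real log shipping, thresholds and account naming will differ, so treat the numbers as a starting point for tuning against your own telemetry.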
In addition to this, if you have not already done so, your remediation and mitigation processes should now include engaging with the NCSC, alongside your trusted technology partners. By planning for the worst in this way you will avoid additional uncertainty during what will already be an extremely testing period for your organisation, and be able to reassure employees, customers and end users that their data is secure and that measures are being taken to prevent future breaches, without resorting to paying a ransom demand.
If you are in any doubt as to what to do in the event of a data breach once the NCSC has been notified, reach out to our own cyber security and business continuity experts. We work with organisations at all levels, across both the public and private sectors, to ensure their remediation processes allow them to resume operations in days, rather than months, mitigating the potential impact of the attack. By taking the time to understand your organisation, your infrastructure, and the nature of your dataflows, we will be able to help you design and implement the appropriate disaster recovery and remediation processes, built on a foundation of military-grade technologies.
Working together in this way, we will be able to establish a new standard of best practice around disaster recovery and continue to drive new innovations to support it, helping organisations across the public and private sectors minimise the damage caused by cyber incidents.